gkrastenov

Security Researcher

Smart Contract Researcher | DM for private audit 🗓️

High: 17 total

Medium: 14 total

Total earnings: $3.87K

#819 All Time

Payouts: 23x

2nd Places: 2x (silver)

Top 10: 3x (regular)

Top 25: 9x (regular)

Apr '25

Aegis.im YUSD

185.77 OP • 2 total findings • Sherlock • gkrastenov

silver

high

Taking YUSD as a fee during redeem approval can inflate the token

medium

Maximum redeem cap can easily be reached

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • gkrastenov

#18

medium

A malicious user can extend the staking duration forever

Feb '25

Usual Labs

6.09 USDC • Sherlock • gkrastenov

#50

Dec '24

Lambo.win

0 USDC • 1 total finding • Code4rena • gkrastenov

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Aug '24

Rumpel Point Tokenization Protocol

20.16 USDC • Sherlock • gkrastenov

#23

Fjord Token Staking

0.19 USDC • 1 total finding • CodeHawks • gkrastenov

#20

medium

[H-01] Auction tokens will be lost forever when auction ends without bids

Winnables Raffles

1.80 USDC • 1 total finding • Sherlock • gkrastenov

#37

high

Funds from canceled raffles will be stuck in the contract

Tadle

162.01 USDC • 4 total findings • CodeHawks • gkrastenov

#40

high

TokenManager - Unlimited withdraw

high

Native token withdrawal fails until manually approved

high

Token withdrawal fails until someone manually approves spending

high

Fund Withdrawal Flaw in preMarket Allows Users to Avoid Settlement Obligations

Jul '24

TraitForge

0.77 USDC • 3 total findings • Code4rena • gkrastenov

#82

high

Wrong minting logic based on total token count across generations

medium

There is no slippage check in the `nuke()` function.

medium

Discrepancy between nfts minted, price of nft when a generation changes & position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Munchables

0.39 USDC • 1 total finding • Code4rena • gkrastenov

#48

high

Single plot can be occupied by multiple renters

MagicSea - the native DEX on the IotaEVM

4.42 USDC • 3 total findings • Sherlock • gkrastenov

#57

high

Incorrect check of ownerOf for tokenId during voting

medium

Everyone can add an additional amount to an existing staking position

medium

Blocking voters from receiving extra bribe rewards

Jan '24

Avail

50.11 USDC • Sherlock • gkrastenov

#20

Salty.IO

8.76 USDC • 1 total finding • Code4rena • gkrastenov

#114

medium

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

Curves

39.69 USDC • 1 total finding • Code4rena • gkrastenov

#71

medium

Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

SYMM IO

20.89 USDC • Sherlock • gkrastenov

#23

Dec '23

The Standard

0.12 USDC • 3 total findings • CodeHawks • gkrastenov

#98

high

Rewards can be drained because of lack of access control

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

low

`costInEuros` calculation will incur precision loss due to division before multiplication

Sep '23

Venus Prime

129.33 USDC • 1 total finding • Code4rena • gkrastenov

#26

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

Allo V2

185.18 USDC • 1 total finding • Sherlock • gkrastenov

#36

medium

Not cleaned votes to other recipient statuses

Delegate

40.13 USDC • Code4rena • gkrastenov

#9

Ondo Finance

2,830.59 USDC • 1 total finding • Code4rena • gkrastenov

silver

medium

Chain support cannot be removed or cleared in bridge contracts

Aug '23

Dopex

181.37 USDC • 1 total finding • Code4rena • gkrastenov

#64

high

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

Jul '23

Beedle - Oracle free perpetual lending

3.67 USDC • 5 total findings • CodeHawks • gkrastenov

#176

high

Tokens with less than 18 decimals allow for draining of funds

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Fee on transfer tokens will cause users to lose funds

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

medium

No expiration deadline leads to losing a lot of funds

May '23

Iron Bank

0.00 USDC • 1 total finding • Sherlock • gkrastenov

#25

medium

Returned values of Chainlink Oracle are not verified